General

  • Target

    f4bf0ec5d3a98d1366fd7e870214aca5b7247966d556c013ca5b030595e7f738

  • Size

    1.0MB

  • Sample

    221001-wjrftaaeck

  • MD5

    765e13101b6dbc2e4495e25b207dd0ca

  • SHA1

    71c5678ede783b2aecec2418c8543062343debef

  • SHA256

    f4bf0ec5d3a98d1366fd7e870214aca5b7247966d556c013ca5b030595e7f738

  • SHA512

    33ecc18b30b572f87b3edfba41ee85a1b4b90f8d6c8951a556db7695a7db71a67300a63bc57c6dd7d95ab005499c0738fe6d0d745bc7bf40ff8784bcd763fc2c

  • SSDEEP

    24576:qwRxikrccPSefv+qbOv+x61XbMWiZBhVm:qqjjPSuv+qqImQBhk

Targets

    • Target

      f4bf0ec5d3a98d1366fd7e870214aca5b7247966d556c013ca5b030595e7f738

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
